<?php
declare (strict_types=1);

namespace app\admin\middleware;

use think\facade\Session;

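class AdminPermission
{
    use \app\common\traits\Base;

    /**
     * Authorise an admin request before it reaches the controller.
     *
     * Checks run in this order; the first match lets the request through:
     *  1. the session username is listed in config `app.no_auth_user`;
     *  2. "controller/action" is listed in config `app.white_list`;
     *  3. "root/controller/action" equals (case-insensitively) an `href`
     *     of the menu stored in the session under `admin.menu`.
     * Everything else is denied, including requests whose session or config
     * data is missing or malformed.
     *
     * All membership tests are strict. With loose comparison a missing
     * username (null) would match a '' / 0 / false entry in the bypass list,
     * and a stray `true` entry would match every string.
     *
     * NOTE(review): the allowed-URL list is read from the session, so a
     * revoked menu entry presumably stays usable until whatever populates
     * `admin.menu` refreshes it. Confirm against the login/role code.
     *
     * @param \think\Request $request
     * @param \Closure $next
     * @return mixed Result of $next($request) when allowed, otherwise the
     *               result of the Base trait's json() / error() helper.
     */
    public function handle($request, \Closure $next)
    {
        // Super administrators skip permission checks. Require a real,
        // non-empty string so an anonymous session can never match.
        $username = Session::get('admin.username');
        $noAuthUsers = config('app.no_auth_user');
        if (
            is_string($username) && $username !== ''
            && is_array($noAuthUsers)
            && in_array($username, $noAuthUsers, true)
        ) {
            return $next($request);
        }

        $controller = $request->controller(true);
        $action = $request->action(true);

        // White-listed "controller/action" pairs are open to every caller.
        $whiteList = config('app.white_list');
        if (is_array($whiteList) && in_array($controller . '/' . $action, $whiteList, true)) {
            return $next($request);
        }

        // Permission check against the menu entries granted to this session.
        // A missing or non-array menu yields an empty allow-list (deny).
        $menu = Session::get('admin.menu');
        $allowed = is_array($menu) ? array_column($menu, 'href') : [];
        $url = strtolower($request->root() . '/' . $controller . '/' . $action);
        foreach ($allowed as $href) {
            // Skip non-string hrefs: strtolower() would throw under strict_types.
            if (is_string($href) && $url === strtolower($href)) {
                return $next($request);
            }
        }

        return $request->isAjax() ? $this->json('权限不足', 999) : $this->error('权限不足', '');
    }
}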
